# 

REMARKS 

Enclosed herewith is a Substitute Specification in which 
the specification as filed has been amended in various places to 
correct grammatical errors. In addition, the specification as filed 
has been amended to add identifying details to the cited co-pending 
application. 

In support of the above, enclosed herewith is a copy of 
the specification as filed marked up with the above changes. 

The undersigned attorney asserts that no new matter has 
been incorporated into the Substitute Specification. 

The claims have been amended such that they are now in 
proper U.S. format. Applicant asserts that the above changes do not 
affect the scope of the claims. 

The Examiner has rejected claims 1-3 under 35 U.S.C. 
103(a) as being unpatentable over U.S. Patent 6,289,455 to Kocher 
et al. in view of U.S. Patent 5,864,683 to Boebert et al. The 
Examiner has further rejected claims 4-7 under 35 U.S.C. 103(a) as 
being unpatentable over Kocher et al. in view of Boebert et al. In 
addition, the Examiner has rejected claims 8-13 under 35 U.S.C. 
103(a) as being unpatentable over Kocher et al. in view of Boebert 
et al. Moreover, the Examiner has rejected claims 14-17 under 35 
U.S.C. 103(a) as being unpatentable over Kocher et al. in view of 
Boebert et al. Finally, the Examiner has rejected claims 18-20 
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under 35 U.S.C. 103(a) as being unpatentable over Kocher et al. in 
view of Boebert et al. 

Applicant believes that the Kocher et al. patent is an 
improper reference. In particular, the Kocher et al. patent bears a 
filing date of September 2, 1999. While the subject application has 
a filing date of December 3, 1999, Applicant would like to point 
out to the Examiner that the subject application claims priority 
based on Provisional Patent Application Serial No. 60/126,169, 
filed March 25, 1999. This claim was acknowledged by the USPTO in 
the Official Filing Receipt. 

Since the effective filing date of this application is now 
March 25, 1999, this pre-dates the filing date of the Kocher et al. 
patent, and as such, Applicant respectfully requests that all 
rejections based thereon be withdrawn. 
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Applicant believes that this application, containing 
claims 1-20, is now in condition for allowance and such action is 
respectfully requested. 



Respectfully submitted; 




Edward 
Attorney 

Tel.: 914-333-9611 

CERTIFICATE OF MAILING 

It is hereby certified that this correspondence is being 
deposited with the United States Postal Service as First-class mail 
in an envelope addressed to: 

COMMISSIONER OF PATENTS AND TRADEMARKS 
Washington, D.C. 20231 
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APPENDIX 

1. (Amended) A recording mediiim comprising: 

a first memory that io configured to store encrypted 
content material via a first write operation-_^ 

a recording indicator that io configured to contain a 
5 unique identifier at each occurrence of the first write operation- 
; and 

a second memory that io configured to store, via a second 
write operation, a secure item based on the unique identifier when 
the encrypted content material is stored. 

2. (Amended) The recording medium e# -as claimed in claim 1, 
where inj_ 

the secure item includes an encrypted key that 
fQcilitatGD for facilitating a decryption of the encrypted content 
5 material, the encrypted key being dependent upon the unique 
identifier. 

3. (Amended) The recording medium e^— as claimed in claim 1, 
whereinj_ 

the recording indicator includes a counter that io 
configured to be incremented by a recording device when the 
5 recording device records the encrypted content material. 
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4. (Amended) A rendering device that is configured to render 
content material corresponding to encrypted content material that 
i^contained on a recording medium, the recording medium also 
including a recording indicator that contains an original value, 

5 the rendering device comprising: 

one or more decrypt ers that arc configured to decrypt the 
encrypted content material based on a current value of the 
recording indicator, Guch that thc said one or more decrypters 
provide the content material only when the current value of the 
10 recording indicator corresponds to the original value of the 
recording indicatorT — ; and 

a renderer that ia configured to render the content 

material. 

5. (Amended) The rendering device e^ -as claimed in claim 4, 
further including wherein said rendering device further comprises : 

an authorization device that io configured to control the 
renderer based on a usage-measure associated with the recording 
5 mediiom^ and a validity period associated with the content material. 

6. (Amended) The rendering device e ^as claimed in claim 4, 
further including wherein said rendering device further comprises: 

a key generator that creates a unique key based on the 
current value of the recording indicator, 
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and 

wherein 

the one or more decrypters are configured to decrypt the 

encrypted content material based on the unique key that io based on 
the current value of the recording indicator. 



7. (Amended) The rendering device e ^as claimed in claim 6, 
wherein 

the one or more decrypters include: 

a first decrypter that dccr^yTDtg f or decrypting a doubly 
5 encrypted content key based on a private key of the rendering 
device to provide a singly encrypted content key-ri_ 

a second decrypter that dQcrwto for decrypting the singly 
encrypted content key based on the unique key that is based on the 
current value of the recording indicator to provide a content key- 
10 ; and 

a third decrypter that dGcr^/pto for decrypting the 
encrypted content material based on the content key to provide the 
content material. 

8. (Amended) A provider of content material comprisingj_ 

a recorder that io configured to record encrypted content 
material and a corresponding secure item on a recording medium— _f_ 
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the encrypted content material being encrypted based on a 

5 content key—; and 

the secure item being based on a value of a recording 
indicator of the recording medium when the encrypted content 
material is recorded on the recording medium. 



9. (Amended) The content material provider ej — as claimed in 
claim 8, further compriQing w herein the content material provider 
further comprises: 

an allocator that io configured to allocate rendering 
5 rights associated with the encrypted content material, 
and 

wherein 

the recorder is further configured to record the rendering 

rights on the recording medium. 

10. (Amended) The content material provider as claimed in claim 
8, wherein 

the secure item corresponds to an encryption of the 
content key based on the value of the recording indicator. 

11. (Amended) The content material provider as claimed in claim 
8, further comprioing wherein said content material provider further 
comprises: 
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one or more encrypters that arc configured to provide the 
5 secure item. 

12. (Amended) The content material provider e ^as claimed in 
claim 8, further including wherein said content material provider 
further comprises: 

a key generator that qcncratos for generating a unique key 
5 based on the value of the recording indicator—; and 

one or more encrypters that arc configured to encrypt the 
content key based on the unique key to produce the secure item. 

13. (Amended) The content material provider e# -as claimed in 
claim 8, further comprioinq w herein said content material provider 
further comprises: 

a first encrypter that cncryptp for encrypting the content 
5 key based on a unique key that is dependent upon a value of the 
recording indicator to produce a singly encrypted content keyy— 1 
and 

a second encrypter that cncrypto for encrypting the singly 
encrypted content key based on a public key that is associated with 
10 a rendering device to produce a doubly encrypted content key 
corresponding to the secure item. 
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14. (Amended) A method of providing content material, the 
method comprising the steps : 

recording encrypted content material on a recording 
medium, the encrypted content material being dependent upon the 
5 content material and a content key—; and 

recording a secure item on the recording medium, the 
secure item being dependent upon a recording indicator that is 
associated with the recording mediiam. 

15. (Amended) The method e^ -as claimed in claim 14, further 
including w herein said method further comprises the step: 

recording rendering rights associated with the encrypted 
content material on the recording medium. 

16. (Amended) The method e# -as claimed in claim 14, further 
including wherein said method further comprises the steps : 

generating a unique key that io based on the recording 
indicator -; and 

5 encrypting the content key using the unique key to produce 

the secure item. 

17. (Amended) The method e ^as claimed in claim 14, wherein the 
method further includinq comprises the steps : 
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generating a unique key that io based on the recording 
indicator—^ 

encrypting the content key using the unique key to produce 
a singly encrypted content key—; and 

encrypting the singly encrypted content key using a public 
key associated with a rendering device to produce the secure item. 

18. (Amended) A method of rendering content material from a 
recording medium that includes encrypted content material, an 
encrypted content key, and a recording indicator, the method 
comprising the steps : 

determining a unique key based on the recording 
indicator— _^ 

decrypting the encrypted content key based on the unique 
key to provide a content key— i_ 

decrypting the encrypted content material based on the 
content key to provide the content material—; and 

rendering the content material . 

19. (Amended) The method ej — as claimed in claim 18, whereinj_ 

the recording medium also includes rendering rights, and 
the step of rendering the content material is dependent 
upon the rendering rights. 
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20. (Amended) The method e^ -as claimed in claim 18, wherein the 
step of 

decrypting the encrypted content key includes: 

decrypting the encrypted content key based on a private 

key to provide a singly encrypted content key— 2__and 

decrypting the singly encrypted content key based on the 

unique key to provide the content key. 
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SUBSTITUTE SPECIFICATION 

KEY DISTRIBUTION VIA A MEMORY DEVICE 

CROSS-REFERENCE TO RELATED APPLICATIONS 
[00011 This application claims the benefit of U.S. Provisional 
Application No. 60/126,169, filed 03/25/QQ, Attorney Docket PILA 
23. 637P. 03/25/99 (Attorney Docket PHA 23.637P). 

BACKGROUND OF THE INVENTION 
tr— Field of tho Of The Invention 

[00021 This invention relates to the field of electronic 

security, and in pgrticular and, in particular, to the encryption 
and decryption of copy-protected content material. 

3-:— Description e# Qf The Related Art 

[00031 Digital recording techniques are commonly used to record 
copy-protected content material, such as^. audio and video 
15 recordings. Subsequent digital copies of such digital recordings 
are virtually indistinguishable from the original, and offer the 
same quality as the original. 

[00041 As the ease of illicitly providing high-quality 
reproductions of copy-protected content material increases, the 
20 need for preventing such reproductions increases. At the same time. 

Error! Unknown switch argxament « Page 1 




PHA 23.637 

however, a legitimate purchaser of such copy-protected content 
material expects to be able to make copies of the content material 
for his or her own use. A number of "policy groups", such as the 
SDMI (Secure Digital Music Initiative), and others, have been 
5 formed in an attempt to reach an equitable compromise between the 
opposing needs of the owners or vendors of the copy-protected 
material and the purchasers of copies of the copy-protected 
material. As a result of the actions of these policy groups, a 
variety of encryption and decryption techniques have been 

10 developed, and continue to be developed, to limit the number of 
times that a copy of copy-protected content material can be made, 
or to limit the n\imber of times that a copy may be played-back, or 
to place an expiration time on a copy. Similarly, encryption and 
decryption techniques have been developed that limit the type of 

15 actions than can be applied to the copy. For example, a copy may 
have a limit to the number of times that it can be copied, 
independent of the number of times that it can be played-back. A 
"copy-once, play-always" authorization would allow for an infinite 
number of play-backs, but only one copy; a "copy-never, play-10" 

2 0 authorization would allow for ten play-backs, and no copies of this 
copy. For ease of reference, the term "rendering" is used herein to 
identify either a recording function or a playback function. For 
example, a recorder renders the material to a recording medium, a 
CD-player renders the material to an audio system, a DVD- DVD player 

2 5 renders the material to an audio-visual system, and so on. In 
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addition to limiting the niunber and type of renderings, the device 
that provides the limited-use copy may also limit the number of 
limited-use copies of the copy-protected material that are 
simultaneously available at any given time. That is, for example, 
5 if the number of limited-use copies at any given time is limited to 
ten, the compliant recorder will not provide an eleventh copy until 
at least one of the first ten copies is "checked- in" , and marked as 
being expired, if not already so marked. 

[00051 In a typical embodiment of a limited-use copy, the copy 
10 contains a counter or ticket that stores, in a secure manner, an 
indication of the authorized rights, and a compliant playback 
device updates the counter with each rendering or each passage of 
time, as appropriate for the particular authorized right. In the 
typical embodiment, the device that provides the limited-use copy 
15 and the device that renders the material share a cryptographic key 
or set of keys that are used to prevent the rendering of the 
material on an illicit device, and to prevent a modification to the 
authorization parameters. Typically, the content material is 
encrypted using a symmetric key, and this key is communicated to 
20 the rendering device in an encrypted form, using an asymmetric 
public key that corresponds to a private key that is associated 
with the rendering device. In this manner, only the intended 
rendering device is able to decrypt the encrypted content material. 
This asymmetric public key is also used to encrypt the 
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authorization rights associated with the encrypted content 
material . 

[00061 By limiting the number of simultaneously authorized 
copies, a compliant provider of the copies cannot be efficiently 
5 utilized for an illicit mass production. By limiting the number of 
times that a copy of copy-protected material can be rendered, the 
resale value of such a limited-use copy is substantially reduced, 
thereby diminishing the incentive to illicitly reproduce and sell 
these copies. At the same time, the purchaser of the original copy 

10 of the content material is provided virtually unlimited 

reproduction rights. The burden on the user of re-recording the 
expired copies from the original purchased copy is viewed to be 
minimal, particularly if the number of times that the copy can be 
rendered before expiring is reasonably high, the number of 

15 simultaneous copies is reasonably high, and the effort required for 
the re-recording is low. The use of an expiration time, in lieu of 
an expiration based on the number of renderings, can also be used 
to minimize the resale value of each copy, yet allow the purchaser 
substantially unlimited reproduction rights. A time-based system 

20 based on real time (clock time) , however, is not often effective 

for copy protection, because many illicit copies could be made in a 
relatively short amount of time, and, conversely, most purchasers 
would be dissatisfied with a time limit that was not related to 
whether the material was being rendered during that time. 
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Typically, time-based systems are based on a duration of time that 
the material is actually rendered, rather than real (clock) time. 
[0007] Another scenario for the use of time-limited or usage- 
limited copies of copy-protected material is for the legitimate 
5 vendors of the copy-protected material to sell time-limited or 

usage-limited copies directly, potentially at a lower cost than the 
above referenced copies that allow for unlimited reproductions. For 
example, a limited-use copy may be provided via a download from the 
Internet, or via a broadcast from a provider, such as a cable or 

10 satellite television program provider, with an option to purchase 
an unlimited-use copy. Or, limited-use copies can be provided as 
rental items, such as a single-use rental of a video recording that 
does not require the return of the recording within a limited time 
period. These and other scenarios for the use of limited-use copies 

15 of copy-protected content material can be expected to become 
increasingly common. 
. [0008] One known method of overcoming a limited-use copy 
protection scheme is termed a "replay attack". In this method, a 
bit-for-bit copy is made of the limited-use copy while it contains 

20 its full allocation of authorized usage or time, and stored in an 
archive. Although this copy cannot typically be used in a non- 
compliant rendering device, because the material is stored in a 
secured form, this copy can be used, or replayed, on a compliant 
device by re-recording the bit-by-bit copy of the maximum allocated 

25 copy back onto the recording medium. Thus, even though the resale 
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value of a limited-use copy of content material will be lower than 
the value of an unlimited-use copy, a counterfeiter may choose to 
provide such illicit limited-use copies, because of the ease of 
creating the copies, and the ease of overcoming the limited-use 
5 copy protection scheme. 

BRIEF SUL(P1ARY SUMMARY OF THE INVENTION 

[0009] It is an object of this invention to provide an 

encryption method that precludes a replay attack on a limited-use 
protection scheme. It is a further object of this invention to 
10 provide a recording medium having properties that preclude a replay 
attack. It is a further object of this invention to provide a 
system that provides limited-use copies of copy-protected material 
that precludes a replay attack. 

[QOIQ] These objects and others are achieved by providing an 

15 encryption system having a secure item that is substantially unique 
for each recording of a copy of copy-protected content material. A 
memory element is provided in the recording medium that is readable 
but not writeable by external devices, and whose content changes 
each time material is recorded onto the medium. In a preferred 
20 embodiment, the content of this memory element is used to form a 
unique encryption key that is used to encrypt the encryption key 
that is used to encrypt the content material. This unique 
encryption of the content encryption key is further encrypted using 
a public key that corresponds to a private key of the intended 
25 rendering device. Although the unique encryption key is 
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determinable by reading and processing the content of the 
externally read-only memory element, the decryption of the content 
encryption key requires both the unique encryption key and the 
private key of the intended rendering device. Because the unique 
5 encryption key is based on a content value of the read-only memory 
element that is unique to each recording to the recording medium, a 
subsequent illicit re-recording of the original encrypted content 
material onto the recording medium (a replay attack) will not 
provide the same unique encryption key as the unique encryption key 

10 used to originally encrypt the content encryption key. Because the 
unique encryption key of the replay attack differs from the 
original unique encryption key used to encrypt the content 
encryption key, the rendering device will be unable to decrypt the 
content encryption key, and thereby will be unable to decrypt the 

15 content material, and the replay attack will fail. 
BRIEF DESCRIPTION OF THE DRAWING 

[00111 The invention is explained in further detail, and by way 

of example, with reference to the accompanying drawing wherein: 

[0012] FIG. 1 illustrates an example block diagram of an 

20 encryption system that provides a copy of copy-protected material 
that precludes replay attacks in accordance with this invention. 

DETAILED DESCRIPTION OF THE IWENTION 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

25 [00131 FIG. 1 illustrates an example block diagram of an 
encryption system 100 that provides a copy of copy-protected 
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material on a recording medium 300 that precludes replay attacks in 
accordance with this invention. The encryption system 100 includes 
a content provider 2 00, a recording medium 3 00, and a rendering 
device 400. The content provider 200 records encrypted content 
5 material and associated information to the recording medium 300, 
for rendering by the rendering device 400. Any of a variety of 
conventional recording techniques can be employed, depending upon 
the form and structure of the medium 300. For ease of 
understanding, the components utilized to write to- and read from 

10 the medium 300 are not illustrated in the example block diagram of 
the content provider 2 00 and rendering device 400 in FIG. 1. 

[00141 In accordance with this invention, the recording medium 

300 includes a recording indicator 310 that contains a unique 
number U. A new number U is created each time encrypted content 

15 material 221 is stored to the memory area 320 of the medium 300. 

Any number of techniques may be used to facilitate the production . 
of this unique number U. In a straightforward embodiment of a 
solid-state medium 300, the recording indicator 310 includes a 
counter that is incremented by a modifier 315 with each write 

20 access 299 to the memory 320. In a more complex embodiment, the 

modifier 315 includes a random number generator that provides a new 
random number to the recording indicator 310 with each write access 
299 to the memory 320. Other techniques are also viable, such as 
the use of a data-time stamp, and others. 
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[0015] In a preferred embodiment of this invention, the 

recording indicator 310 is embodied in the "disk sector tag" 
commonly associated with sectors of memory in a computer memory 
device. Corresponding tags can be written to optical or magnetic 
5 disks via a secure disk drive analogously to the case of computer 
memory. That is, as the encrypted content material 221 is written 
to each sector of the memory area 320, the modifier 315 changes the 
disk sector tag of each sector that is written to. One or more of 
these changed disk sector tags thereby form the unique number U. By 

10 associating the recording indicator 310 with specific sectors, 

writes to other sectors within the medium 300 will not affect the 
tags associated with the sectors used to form the memory block 320 
for storing the encrypted content material 320. In this manner, 
memory write operations are distinguishable, even if the medium 300 

15 is not physically segregated into discrete memory blocks 310, 320, 
340, 350 as illustrated in FIG. 1. 

[00161 It should be noted that the number U can be the 
collection of all tags in the entire memory thus creating a single 
key KU for the entire contents of the media. Alternatively the 

2 0 number U and corresponding key KU can be for a single "disk sector" 
so that each section of the media can be separately rewritten 
without affecting the other sections of the media. 

[0017] To prevent a replay attack, the recording indicator 310 

is configured to be externally readable, but not externally 

2 5 controllable. That is, at each occurrence of a write access to the 
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memory 320, the content recording indicator 310 changes in a manner 
that is not externally controllable. In this manner, if the 
legitimate contents in the medium 3 00 are copied to an archive, and 
then subsequently re-recorded on the medium 300 from the archive, 
5 the recording indicator 310 will, via the modifier 315, contain a 
different value U' (not illustrated) in the recording indicator 310 
than the value U that had been in the recording indicator 310 when 
the legitimate contents were stored in the medium 300. Note that 
this value U' in the recording indicator 310 will be different than 

10 the original value U, regardless of whether a total bit-by-bit copy 
of medium 3 00 is archived, including a copy of the original value 
U. That is, because the recording indicator 310 is not externally 
controllable, the original value U cannot be rewritten into the 
recording indicator 310. In this manner, because a copy of the 

15 original contents of the medium 300 can be distinguished from the 

original contents, by comparing the original value U with the copy- 
produced new value U' , a replay attack can be prevented. 

[00181 To facilitate this replay defense, the original value U 

must be reliably and securely communicated to the rendering device 

20 400 that enforces this defense. Any number of techniques may be 

employed to securely communicate the original value U. For example 
(not illustrated) , the original value U could be "digitally signed" 
by content provider 200, and this digitally signed information 
stored in the medium 300. A compliant rendering device 400 will 

25 verify that the digitally signed information is authentic, and then 
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compare the digitally signed original value U to the current value 
of the value U in the recording indicator 310. If the current value 
U matches the digitally signed value U, the rendering device 400 is 
assured that the encrypted content material 321 from the memory 320 
5 is the encrypted content material 221 that was originally stored in 
the memory 320. If the current value U does not match the digitally 
signed value U, the rendering device 400 recognizes the attempted 
replay attack, and precludes a rendering of the content material. 
[0019] In a preferred embodiment, as illustrated in FIG. 1, the 

10 value U 311 is used by the content provider 200 to encrypt an item 
when the encrypted content material 221 is originally recorded, and 
the value U 312 is subsequently used by the rendering device 400 to 
decrypt the item. If the value U 311 changes between the time the 
encrypted content material 221 is originally recorded and the time 

15 the rendering device reads the current value U 312, the rendering 
device 400 will be unable to properly decrypt the item that was 
encrypted based on the original value U 311. If, on the other hand, 
the value U 311 that is used by the content provider 200 is the 
same as the value U 312 that is used by the rendering device 400, 

20 the rendering device 400 will properly decrypt the item that was 
encrypted based on the value U 312. In the example of FIG. 1, the 
aforementioned item that is encrypted based on the value 311 is a 
content key 2 02 that is used to encrypt, and subsequently decrypt 
the encrypted content material 221. 
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[0020] In the example embodiment of FIG. 1, an encrypter 220 is 

illustrated for providing the encrypted content material Ej.^,(CM) 221 
based on the content key KC . A key generator 210 creates a key KU 
212 from the value U 311, typically via a hashing function. In a 
5 preferred embodiment wherein the recording indicator 310 is 

embodied within the disk sector tag for each written sector, the 
key generator 210 creates the key KU 212 by iteratively hashing the 
unique value in each disk sector tag corresponding to the encrypted 
content material memory 320, and optionally, as discussed below, 
10 the unique value in each disk sector tag corresponding to the 
rendering rights memory 350. 

[0021] An encrypter 230 uses the key KU 212 to encrypt the 

content key KC 202 to provide an encrypted content key E^^(KC) 231. 
At the rendering device 400, this encrypted content key Ej^(KC) is 

15 shown as reference item 431. A key generator 410, similar to key 

generator 210, is used to generate a key KU 412, based on the value 
U 312 in the recording indicator 310 at the time that the medium 
300 is read by the rendering device 400. A decrypter 430 decrypts 
the encrypted content key Ej^y(KC) 431 using this key KU 412. If the 

2 0 value U 312 corresponds to the original value U 311 that was used 

in the encryption of the content key KC 202, the decrypter 430 will 
provide a content key KC 402 that matches the content key KC 202. A 
decrypter 42 0 uses the decrypted content key KC 402 to decrypt the 
encrypted content material Ej^^,(CM) 321 from the memory 320 of the 

25 medium 300. If the value U 312 does not correspond to the original 
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value U 311, the rendering device key KU 412 will not match the 
original key KU 212, the decrypted content key KC 402 will not 
match the original content key 202, and^ therefore^, the decrypted 
content material CM 401 will not match the original content 
5 material 2 01, and will be substantially unrenderable . 

[0022] Also illustrated in the example embodiment of FIG. 1, the 

content provider 200 includes an optional encrypter 240 that 
further encrypts the encrypted content key E^(KC) 231 using a 
public key KP 204 that is associated with the rendering device 400. 

10 In this manner, the encrypted content key E^y(KC) 231 cannot be 

decrypted by a device other than the intended receiving device 400, 
thereby preventing a rendering of the content material 2 01 by other 
devices. This doubly encrypted key E^p(E^„(KC)) 241 is in a memory 
340 of the medium 300. The corresponding rendering device 400 

15 contains a decrypter 440 that decrypts the doubly encrypted key 
E^p(E^(KC)) 341 from the memory 340 using a private key Kp 404 
corresponding to the public key KP 2 04 of a public -private key 
pair. This decrypter 440 provides the aforementioned encrypted 
content key E^^(KC) 431. 

20 [00231 For completeness, FIG. 1 illustrates an authorization 
module 450 in the rendering device 400 that enforces the limited 
rendering rights discussed in the Background of the Invention, 
above. Copending U.S. patcnt Patent application, — "Usage DcpcndGnt 
Ticket to Protect Copy protcctod Material", U.S. — serial number 

25 , — filed for Michael Epotcin, Attorney Docket 
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rilA (Diocloourc 700657 Application Serial No. 09/454,350, 

filed December 3. 1999, to Michael A. Epstein, entitled "USAGE 
DEPENDENT TICKET TO PROTECT COPY- PROTECTED MATERIAL" (Attorney 
Docket PHA 23,636), presents a method and system for allocating and 
5 enforcing limited rights to each copy of encrypted content material 
that is stored on a recording mediiim, and is incorporated by 
reference herein. As applied to this invention, the content 
provider 200 includes a rights allocator 250 that stores allocated 
rights 251 on the recording medium 300. These allocated rights 251 

10 are based on a usage parameter 352 of the medium 3 00 at the time 
that the encrypted content material 221 is recorded to the medium 
300. The rights 251 may be encoded, for example, as a ticket that 
is "punched" by a modifier 3 55 each time the medium is accessed 499 
by a rendering device 400, or as a counter that is decremented, and 

15 so on. In accordance with another aspect of this invention, the 
recording indicator 310 may be configured to change its stored 
value U whenever the memory area 3 50 that contains the rights are 
written to from an external source, such as the content provider 
200, or by an illicit attempt to modify the rights stored by the 

20 content provider 200. As discussed above, if the retrieved value U 
312 differs from the original value U 311, the decrypted content 
material 401 will not match the original content material 201, and 
will be virtually unrenderable . If the rights in the memory 350 and 
the encrypted content material in the memory 32 0 have not been 

25 externally changed, the decrypted content material 401 will match 
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the original content material 201 and will be renderable. An 

authorization module 450 prevents the rendering 401', however, if 

the usage 3 53 of the medium 3 00 has exceeded the rights 351 

allocated to the medium 300, via the gate 490. The rendering module 

5 480 represents the components that render the decrypted content 

material 401, such as an audio system, an audio-video system, a 

computer system, and the like. The gate 490 represents any of a 

variety of means commonly available for inhibiting the production 

of the rendered material 401' from the content material 401 by the 

10 authorization module 450. 

[00241 The foregoing merely illustrates the principles of the invention. It will thus be 

appreciated that those skilled in the art will be able to devise various arrangements which, although 

not explicitly described or shown herein, embody the principles of the invention and are thus within 

the spirit and scope of the following claimo . 

15 claims , 
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CLAIMC 

I Glaim ; 

1. A recording modium comprioing : 

Q firot memory that io configured to otorc onoryptcd contont 

material via q firot write operation, 

a recording indicator that io configured to contain a unique 

identifier at each occurrence of the firot write operation, — aftd 

a oecond memory that io configured to otore, — via a oecond 

write operation, — a oecure item baaed on the unique identifier when 
the encr^TDted content material io otored. 

3-: — The recording medium of claim 1, — wherein 

the oecure item includeo an encrypted key that facilitateo a 

dccr^^tion of the encrypted content material, — the encrypted key 
being dependent upon the unique identifier. 

— The recording medium of claim 1, wherein 

the recording indicator includeo a counter that io configured 

to be incremented by a recording device when the recording device 
recordo the encr^^tcd content material . 
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4. A rendering dovicc that is configurod to render content rnQtorial 
corrcoponding to encrypted eontent material that io contained on a 
recording mcdiiam, — the recording mcdiiiiTi also including a recording 
indicator that containa an original value, — the rendering device 
comprising ; 

one or more decrypterD that are configured to decrypt the 

encrypted content material baoed on a current value of the 
recording indicator , — ouch that the one or more decryptcro provide 
the content material only when the current value of the recording 
indicator correopondQ to the original value of the recording 
indicator, — afid 

a rendorer that io configured to render the content material. 

5. The rendering device of claim 4, — further including : 

an authorization device that io configured to control the 

renderer baoed on a uoage meaoure aGOOciated with the recording 
medium and a validity period aoDOciated with the content material. 

6. The rendering device of claim 4, — further including 

a Icey generator that createa a unique key baoed on the current 

value of the recording indicator, — aed 
wherein 

the one or more decryptcro are configured to decrypt the 

encrypted content material baoed on the unique key that io baoed on 
the current value of the recording indicator. 
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7. The rendering device of Glaim 6, wherein 
the one or more decryptero include: 

Q firot dccrypter that dcorypto a doubly encrypted 

content key baaed on q private key of the rendering device to 
provide a oingly encrypted content key, 

a second dccrypter that dcorypto the oingly encrypted 

content key — baaed on the unique key that io baocd on the current 
value of the recording indicator to provide a content key, — afid 

a third dccrypter that decrypto the encrypted content 

material baocd on the content Iccy to provide the content material. 



8. A provider of content material comprioing 

a recorder that io configured to record encrypted content 

material and a corrcoponding oecure item on a recording medium, 

the encrypted content material being encr^y^tod baaed on a 
content key, — aftd 

the oecure item being baaed on a value of a recording 
indicator of the recording medium when the encrypted content 
material io recorded on the recording medium. 

9. The provider of claim 8 , — further comprioing 

an allocator that io configured to allocate rendering righto 

aaaociated with the encrypted content material, — afid 
wherein 

the recorder io further configured to record the rendering 

righto on the recording medium. 

10. The provider ao claimed in claim 8, wherein 

the oecure item correopondo to an encryption of the content 
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Iccy baoQd on the value of the recording indicator, 

11. The provider ao claimed in claim 8 , — further comprioing 

one or more cncryptcro that are configured to provide the 

oecuro item. 

12. The provider of claim 8, — further including 

a key generator that generatco a unique key baaed on the value 

of the recording indicator, — aft^ 

one or more cncryptcro that are configured to encrypt the 

content Icey baoed on the unique key to produce the aocure item. 

i^-i — The provider of claim 8 , — further comprioing 

a firot encrypter that encrypto the content key baoed on a 

unique Icey that io dependent upon a value of the recording 
indicator to produce a oingly encrypted content key, — aftd 

a oecond encrypter that encrypto the oingly encrypted content 

key baoed on a public Icey that io aooociated with a rendering 
device to produce a doubly encrypted content Icey corrooponding to 
the oocure item. 
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14. A method of providing content material, — the method comprioing: 

recording encrypted content material on a recording mediiim, 

the encrypted content material being dependent upon the content 
material and a content key, — and 

recording a oecure item on the recording medium, — the Gocure 

item being dependent upon a recording indicator that io aooociated 
with the recording medium. 

— The method of claim 1 4 , — further including 

recording rendering righto aooociated with the encrypted 

content material on the recording medium, 

16. The method of claim 14, — further including ! 

generating a unique key that io baaed on the recording 

indicator, 

cncr^ i ^ting the content Icey uoing the unique key to produce the 

oecure item. 

17. The method of claim 14, — wherein 
the method further including ; 

generating a unique Icey that io booed on the recording 

indicator, 

encr^T ' ting the content key uoing the unique key to 

produce a oingly encrypted content key, — a^d 

encr^y^ting the oingly encrypted content key uoing a 

public key aooociated with a rendering device to produce the oecure 
item. 
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1 8 . A method of rendering content rnQtcrial from a rocording mcdiixm 
that includes cneryptod content material, — an encr^^tcd content key, 
and a recording indicator, — the method comprioing ! 

determining a unique key baoed on the recording indicator, 

decrypting the encrypted content Icey baoed on the unique key 

to provide a content key, 

decr^ F ^ting the encrypted content material baoed on the content 

]cey to provide the content material, — and 
rendering the content material. 

10. The method of claim 1 8 , wherein 

the rocording medium aloo includeo rendering righto, — aad 

rendering the content material io dependent upon the rendering 

righto . 

20. The method of claim 1 8 , wherein 

decr^T^ting the encrypted content Icey includeo : 

decr^y^ting the encrypted content Icey baoed on a private 

key to provide a oingly encrypted content key, — and 

decrypting the oingly encr^y^ted content Icey baoed on the 

unique Icey to provide the content ]coy. 



Error! Unknown switch argxment J>age 21 




# 



PHA 23 , 637 



Key Distribution via a Memory Device 



ABSTRACT OF THE DISCLOSURE 



An cncr]yT>tion oyotcm prcvonto q replay attack by providing a ooGurc 
item that io oubotantially unique for each recording of copy 
protected content material. — A A memory element is provided in the 
recording medium that is readable but not writeable by external 
5 devices, and whose content changes each time select material is 

recorded onto the medium. In a preferred embodiment, — fefee The content 
of this memory element io uood to form forms a unique encryption key 
that jg uned to cncr\T3t for encrypting the content encryption key. 
This unique cncr^^tion of the encrvpted content encryption key is 

10 further encrypted using a public key that corresponds to a private 
key of the intended rendering device. Although the unique 
encryption key is determinable by reading and processing the 
content of the externally read-only memory element, the decryption 
of the content encryption key requires both the unique encryption 

15 key and the private key of the intended rendering device. Because 
the unique encryption key is based on a content value of the read- 
only memory element that is unique to each recording to the 
recording medium, a subsequent illicit re-recording of the original 
encrypted content material onto the recording medium (a replay 

20 attack) will not provide the same unique encryption key as the 
unique encryption key used to originally encrypt the content 
encryption key. Because the unique encryption key of the replay 
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attack differs from the original unique encryption key used to 
encrypt the content encryption key, the rendering device will be 
25 unable to decrypt the content encryption key, and thereby will be 
unable to decrypt the content material, and the replay attack will 
fail. 
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